. ____ is the presentation of credentials or identification, typically performed when logging on to a system.

Identification

is the verification of the credentials to ensure that they are genuine and not fabricated.

authentication

____ is granting permission for admittance.

authorization

____ is the right to use specific resources.

access

There are several types of OTPs. The most common type is a ____ OTP.

time-synchronized

A ____ fingerprint scanner requires the user to place the entire thumb or finger on a small oval window on the scanner.

static

A ____ fingerprint scanner has a small slit or opening. Instead of placing the entire finger on the scanner the finger is swiped across the opening.

dynamic

____ time is the time it takes for a key to be pressed and then released.

dwell

. ____, such as using an OTP (what a person has) and a password (what a person knows), enhances security, particularly if different types of authentication methods are used.

two factor authentication

____ requires that a user present three different types of authentication credentials.

three factor authentication

____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy.

windows cardspace

____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.

openid

____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.

keberos

____ is an industry standard protocol specification that forwards username and password information to a centralized server.

tacacs+

The International Organization for Standardization (ISO) created a standard for directory services known as ____.

x.500

The ____, sometimes called X.500 Lite, is a simpler subset of DAP.

Ldap

The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the ____.

eap

____ is a very basic authentication protocol that was used to authenticate a user to a remote access server or to an Internet service provider (ISP).

pap

____ refers to any combination of hardware and software that enables access to remote users to a local internal network.

ras

. A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network.

vpn

A(n) ____ is the end of the tunnel between VPN devices.

endpoint

In information security, a ____ is the likelihood that a threat agent will exploit a vulnerability.

risk

____ generally denotes a potential negative impact to an asset.

risk

The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.

threat modeling

Known as ____, this in effect takes a snapshot of the security of the organization as it now stands.

vulnerability apprasial

The ____ is the expected monetary loss every time a risk occurs.

single loss expentancuy (SLE)

The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.

Annualized Loss Expectancy (ALE)

In a ____, the risk is spread over all of the members of the pool.

risk retention pool

Identifying vulnerabilities through a(n) ____ determines the current security weaknesses that could expose assets to threats.

Velnerability appraisal

Most communication in TCP/IP involves the exchange of information between a program running on one device (known as a ____) and the same or a corresponding process running on another device.

process

TCP/IP uses a numeric value as an identifier to applications and services on the systems. These are known as the ____.

port number

____ are typically used to determine the state of a port to know what applications are running and could be exploited.

Port scanners

A(n) ____ port means that the application or service assigned to that port is listening.

open

A(n) ____ port indicates that no process is listening at this port.

closed

A(n) ____ port means that the host system does not reply to any inquiries to this port number.

blocked

____ are software tools that can identify all the systems connected to a network.

network mappers

____ provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices.

icmp

The key feature of a protocol analyzer is that it places the computer's network interface card (NIC) adapter into ____, meaning that NIC does not ignore packets intended for other systems and shows all network traffic.

promiscuous mode

____ is a generic term that refers to a range of products that look for vulnerabilities in networks or systems.

vulnerability scanner

____ is a “common language” for the exchange of information regarding security vulnerabilities.

oval

____ programs use the file of hashed passwords and then attempts to break the hashed passwords offline.

password cracker

____ is a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities.

penetration testing

____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations.

privilege managment

The ____ is typically defined as the person responsible for the information, who determines the level of security needed for the data, and delegates security duties as required

owner

The ____ is the individual to whom day-to-day actions have been assigned by the owner and who periodically reviews security settings and maintains records of access by end users.

custodian

The Windows file and folder ____ permission allows files or folders to be opened as read-only and to be copied.

read

The Windows file and folder ____ permission allows the creation of files and folders, and allows data to be added to or removed from files.

write

The Microsoft ____ infrastructure is a mechanism to centrally configure and secure a common set of computer and user configurations and security settings to Windows servers, desktops, and users in an AD.

group policy

____ is part of the pre-trial phase of a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena.